Abstract
The high-profile Spectre attack and its variants have revealed that speculative execution may leave secret-dependent footprints in the cache, allowing an attacker to learn confidential data. However, existing static side-channel detectors either ignore speculative execution, leading to false negatives, or lack a precise cache model, leading to false positives. In this paper, somewhat surprisingly, we show that it is challenging to develop a speculation-aware static analysis with precise cache models: a combination of existing works does not necessarily catch all cache side channels. Motivated by this observation, we present a new semantic definition of security against cache-based side-channel attacks, called Speculative-Aware noninterference (SANI), which is applicable to a variety of attacks and cache models. We also develop SpecSafe to detect the violations of SANI. Unlike other speculation-aware symbolic executors, SpecSafe employs a novel program transformation so that SANI can be soundly checked by speculation-unaware side-channel detectors. SpecSafe is shown to be both scalable and accurate on a set of moderately sized benchmarks, including commonly used cryptography libraries.
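As an added illustration of the abstract's point (this is not SpecSafe's code, and the transformation shown is a simplified stand-in, not a description of the paper's): a toy cache-trace model in which a speculation-unaware noninterference check passes the classic bounds-check-bypass gadget, but fails it once the transient path is made explicit. Cache-line size, array base addresses and the memory layout are assumptions.

```python
# Added example, not SpecSafe's code: a toy cache-trace model showing why a
# speculation-unaware noninterference check passes a bounds-check-bypass
# gadget, and how making the transient path explicit lets it catch the leak.
LINE = 64        # assumed cache-line size in bytes
ARR1 = 0x1000    # assumed base address of the public array arr1
ARR2 = 0x10000   # assumed base address of the probe array arr2
SIZE = 16        # length of arr1; the bounds check compares against this

def build_memory(secret_byte):
    """Constructed memory: public arr1 contents followed by one secret byte."""
    mem = {ARR1 + i: i for i in range(SIZE)}
    mem[ARR1 + SIZE] = secret_byte      # secret sits just past the bounds
    return mem

def cache_line(addr):
    return addr // LINE

def dependent_load(x, mem, trace):
    """Body of the gadget: arr2[arr1[x] * 512]; records the lines it touches."""
    v = mem.get(ARR1 + x, 0)            # unmodeled memory reads as 0
    trace.add(cache_line(ARR1 + x))
    trace.add(cache_line(ARR2 + v * 512))

def victim(x, mem, trace):
    """Original program: the bounds check guards the dependent load."""
    if x < SIZE:
        dependent_load(x, mem, trace)

def victim_transformed(x, mem, trace):
    """Transformed program: the guarded body also runs on the mispredicted
    path, so the cache footprint of transient execution becomes visible
    to a detector that only reasons about architectural execution."""
    if x < SIZE:
        dependent_load(x, mem, trace)
    dependent_load(x, mem, trace)       # transient execution of the body

def speculation_unaware_check(program, x):
    """Noninterference on cache traces: two runs that differ only in the
    secret must touch the same cache lines. Knows nothing about speculation."""
    t0, t1 = set(), set()
    program(x, build_memory(0x00), t0)
    program(x, build_memory(0x7f), t1)
    return t0 == t1

if __name__ == "__main__":
    print("original, x out of bounds   :", speculation_unaware_check(victim, SIZE))
    print("transformed, x out of bounds:", speculation_unaware_check(victim_transformed, SIZE))
```

On the original program the check reports no leak (a false negative, since the secret only reaches the cache transiently); on the transformed program the same check flags the secret-dependent line in arr2.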
SpecSafe: detecting cache side channels in a speculative world